Hi everyone,
we've merged a patch that aligns UI code with Engine SSO infra:
https://gerrit.ovirt.org/#/c/49278/
In particular, UI code that creates & maintains REST webapp's
HTTP session was removed in favor of using SSO token.
**UI plugin authors take note!** The "RestApiSessionAcquired"
callback was removed -- please update your UI plugins to use
the new "api.ssoToken" function when making REST API requests:
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com/ovirt-engine/api');
xhr.setRequestHeader('Authorization', 'Bearer ' + api.ssoToken());
xhr.setRequestHeader('Accept', 'application/json');
xhr.addEventListener('load', function () {
// response loaded OK, parse JSON data
var data = JSON.parse(this.responseText);
});
xhr.send();
While being a breaking change, this should simplify UI plugin
code because:
- the new "api.ssoToken" function can be called anytime,
removing the need for an asynchronous callback
- no need to use session-specific request headers anymore
(like "Prefer: persistent-auth" and "JSESSIONID: xxx"),
just use "Authorization: Bearer xxx" and you're good
Please see commit msg of above mentioned patch for further
details on the changes and their implications.
Let me know if you have any questions or comments.
Regards,
Vojtech